Sysvol rebuild on a single domain controller
Hello there
Platform: Server 2008 R2 single Domain controller
A clients server above lost power with an unexpected shutdown over the week end and couldn't logon to the domain. However they can browse the network and open shares on the server. Connections to the Active directory failed and
DCDIAG reported failure to connect to the Global Catalogue server, along with other failures. The event logs show the following:
File Replication Service
Event ID 13561 Jrnl_wrap_error
Event ID 13566 declares FRS is scanning the volume but it cannot become a domain controller until finished... which it never does.
Directory Services
Event ID 1355 The Specified domain either does not exist or could not be contacted.
Finally running net share reveal that the SysVol is Netlogon shares are not available.
First of all I looked at the common JRNL fix of changing the of changing the DWORD Enable Journal Warp Automatic Restore to 1. But, it was already set to 1, when it should have been 0. So I am not sure what that means. I tried changing
it back with FRS service restarts but to no avail.
I have seen numerous entries about recovering the sysvol, but most involve pulling copies from other DC's, of which there are none. I do have a valid Windows backup with System state and Sysvol, which I feel I may be heading with this. So are there any other
paths I should be looking at, or is a restore from backup the only option?
Many thanks in advance
MIS5000
Hello Ahmed and thanks for your reply
NSLookup returns correct values both ways for IP and FQDN
I also carried out some checks following your article. There were a couple of records pointing to the old server for last year which I have deleted. In the meantime I have pasted DCDIAG below for your thoughts I where I should be looking. There
is for example a returned test fail on a the time server at the foot of the report
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server-RDS
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER-RDS
Starting test: Connectivity
......................... SERVER-RDS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER-RDS
Starting test: Advertising
Fatal Error:DsGetDcName (SERVER-RDS) call failed, error 1355
The Locator could not find the server.
......................... SERVER-RDS failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER-RDS passed test FrsEvent
Starting test: DFSREvent
......................... SERVER-RDS passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER-RDS passed test SysVolCheck
Starting test: KccEvent
......................... SERVER-RDS passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER-RDS passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER-RDS passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ppp,DC=com
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ppp,DC=com
......................... SERVER-RDS failed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SERVER-RDS\netlogon)
[SERVER-RDS] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... SERVER-RDS failed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER-RDS passed test ObjectsReplicated
Starting test: Replications
......................... SERVER-RDS passed test Replications
Starting test: RidManager
......................... SERVER-RDS passed test RidManager
Starting test: Services
......................... SERVER-RDS passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 18:49:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 18:54:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 18:59:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:04:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:09:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0xC0001B58
Time Generated: 02/23/2015 19:12:34
Event String:
The Diagnostic Service Host service failed to start due to the follo
wing error:
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:14:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
A warning event occurred. EventID: 0x00001695
Time Generated: 02/23/2015 19:16:19
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'ppp.com.' failed. These records are used by other computers
to locate this server as a domain controller (if the specified domain is an Act
ive Directory domain) or as an LDAP server (if the specified domain is an applic
ation partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 02/23/2015 19:16:19
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'ForestDnsZones.ppp.com.' failed. These records are used by
other computers to locate this server as a domain controller (if the specified d
omain is an Active Directory domain) or as an LDAP server (if the specified doma
in is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 02/23/2015 19:16:20
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'DomainDnsZones.ppp.com.' failed. These records are used by
other computers to locate this server as a domain controller (if the specified d
omain is an Active Directory domain) or as an LDAP server (if the specified doma
in is an application partition).
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:19:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
A warning event occurred. EventID: 0x0000000C
Time Generated: 02/23/2015 19:21:44
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:24:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:29:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:34:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
A warning event occurred. EventID: 0x00001695
Time Generated: 02/23/2015 19:37:48
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'ppp.com.' failed. These records are used by other computers
to locate this server as a domain controller (if the specified domain is an Act
ive Directory domain) or as an LDAP server (if the specified domain is an applic
ation partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 02/23/2015 19:37:48
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'ForestDnsZones.ppp.com.' failed. These records are used by
other computers to locate this server as a domain controller (if the specified d
omain is an Active Directory domain) or as an LDAP server (if the specified doma
in is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 02/23/2015 19:37:48
Event String:
Dynamic registration or deletion of one or more DNS records associat
ed with DNS domain 'DomainDnsZones.ppp.com.' failed. These records are used by
other computers to locate this server as a domain controller (if the specified d
omain is an Active Directory domain) or as an LDAP server (if the specified doma
in is an application partition).
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/23/2015 19:39:23
Event String:
Name resolution for the name crl.microsoft.com timed out after none
of the configured DNS servers responded.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:39:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0xC00038D6
Time Generated: 02/23/2015 19:41:54
Event String:
The DFS Namespace service could not initialize cross forest trust in
formation on this domain controller, but it will periodically retry the operatio
n. The return code is in the record data.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/23/2015 19:44:31
Event String:
The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
......................... SERVER-RDS failed test SystemLog
Starting test: VerifyReferences
......................... SERVER-RDS passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ppp
Starting test: CheckSDRefDom
......................... ppp passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ppp passed test CrossRefValidation
Running enterprise tests on : ppp.com
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... ppp.com failed test LocatorCheck
Starting test: Intersite
......................... ppp.com passed test Intersite
Thanks Ahmed
MIS5000
Similar Messages
-
I had a single domain controller. It has crashed. I had to create a new domain controller with all the same existing information from the old server..same domain name, server name, and IP. Im having issues with desktops. Everything is setup on the server.
The desktops however I need to rejoin them to the domain and get them to start synching properly. But when I do this, the profile is resetting itself to a new profile. How can I keep the same profile with the same documents. Or am I out of luck on this and
have to recreate the profiles. I have had to recreate the profiles so far, but do not want to do this for about 5 computers because there is way to much software and work that will need to be involved in moving these profiles. Any shortcut for these computers
to automatically see this domain server and synch to it? Everything is identical to the old server. The old server is inaccessible.
The new servers domain name is the same, IP address is the same, and computer name is the same. AD running with all identical information. DNS installed.
Let me know if anyone has some advice on here.There's unfortunately a lot more involved than names, domain names and IP addresses.
Most of those are linked to long numbers such as "SID"s and "GUID"s in the background that actually govern the interaction between clients and servers (authentication for one).
Without the same SIDs and GUID, I fear there will be no end to your problems.
That's why either a second domain controller or a good backup are so important.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
ChaRM config with Single domain
Hi Guru's,
I am in situation where I have to configure Change request Management with Single Domain Controller in Solution Manager 7.1 SP11.
I have configured transport routes in ECC development system (000) to Integration , quality and production and now I want to add this configuration to Solution manager without domain link.
please help me on this greatly appreciated
thanksHi Srini,
Check the below note for active ChaRM with out domain link
1384598 - Harmonizing RFC communication infrastructure in ChaRM/QGM
1756014 - Harmonizing RFC communication infrastructure for ChaRM Check
Rg,
Karthik -
Server 2012 Secondary Domain Controller not picking up AD nor DNS responsibilities
I had a single Domain Controller providing AD, DNS and DHCP. I went through the steps to add a Secondary Domain Controller. All the AD and DNS info shows up in the Secondary Server, however, when my original Domain Controller is turned
off, the second Domain Controller is not taking over for AD and DNS.Hi Bayousmurf,
Good that you made some progress. However, can you please provide us the information on how you acheived transfering FSMO role to another DC since you had some issue earlier?
Your initial intention was to demote the original DC. Please follow the below link for the steps to demote the DC.
http://technet.microsoft.com/en-in/library/jj574104.aspx
Still if I power off the original DC the new one isn't taking up DNS. Still looking into the DNS...
Can you please elaborate what exactly you are looking for? When you power off original DC, you don't see DNS in new DC? Is your DNS active directory integrated? If not please follow the below procedure to make it as a AD integrated. Once done, then, power
off original DC and look in new DC to see if DNS shows up.
http://www.tomshardware.com/faq/id-1954324/configure-active-directory-integrated-dns-zone-windows-server-2012-dns-server.html
Thanks,
Umesh.S.K -
JCIFS NTLM - giving backup domain controller in web.xml
Hi All,
We are using JCIFS NTLM authentication, for which we've configured the filter in web.xml like this
... other code ...
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>SERVER1</param-value>
</init-param>
..... other code .....the above code specifies a single domain controller SERVER1 for the NTLM authentication. Suppose, I want to give one more server also (i.e. when the SERVER1 down, NTLM should check my backup server SERVER2), how do I give it in the above code? Is it like <param-value>SERVER1, SERVER 2</param-value> ?
Thanks in advance.I am facing the same exact problem.
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>corg0dc02</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Is it possible to use EL or equivalent instead of hard-coding the param-value? Is this allowed in the Servlet spec?
I would like to read the param-value from a properties file or DB table if possible.
Edited by: asookazian on May 21, 2009 10:34 PM -
Sysvol is not visible in my last domain controller
Hi everybody, I need some help with my last domain controller I had 2 DC's the one that had the fsmo roles crashed and after that I peform a Seizing of the roles and proceed to promote another DC after that DC was promoted I checked the SYSVOL and NetLOGON
shares and they were are not, I wait for 24 ours and after that checked the event log of recovered DC and I sow the 13568 Event ID from NTFRS service, that event recommended to configure the registry with the "Enable Journal Wrap Automatic Restore"
to "1", after that I restart NTFRS service and the SYSVOL and Netlogon Shares disapear, Now users can't logon and I can see the GPOS, What I should do?
Thanks in Advance.
Felxs
FelxMake sure you perform a metadata cleanup
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/06/09/active-directory-cleanup-the-most-common-question-i-see.aspx
Followed by diagnostics to ensure things are looking good
http://blogs.dirteam.com/ControlPanel/Blogs/postlist.aspx?PageIndex=4
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Install Domain Controller, Active Directory, RemoteApps on Single Server?
Have a server that I want to experiment with RemoteApps. Documentation I have read state you need to have a Domain Controller setup with AD on one server, and have a second server to install all the RemoteApps requirements. Is this true or can
this all be done on one server.
If I need a separate server for the Domain Controller and Active Directory, can I assume that a low end server would be sufficient? Or would using Hyper-V with a single hardware server and create two virtual machines: one as the DC/AD, and the other
to run Remote Apps be a possible solution. Any advice?it really depends to be honest. I'd probably go something like this though:
One Small physical server to act as a domain controller - you could put DHCP on this too
One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined.
Then for your VM's create the following:
1 x additional domain controller
For remote desktop services:
1 x Remote Desktop Session Host
1 x Connection Broker
1 x Gateway and web server
For additional services
1 or 2 x Exchange
1 x sharepoint
1 x IIS
but it really depends what you want to achieve.
The benefit from Virtual machines is that you can keep separate virtual servers for separate applications.
If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance.
Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn: -
Rebuilding Domain controller & Transport Routes after system refresh
I have refreshed Dev from Prdn, now my domain controller only shows single system
I have documentation but, it is confusing to me how to have QAS and Prdn join the domain controller again and show the domain as a three tier system
When I log into QAS and Prdn I still see the old 3 tier system including the domain and the other systems.
Please advise
maria
Edited by: Maria Graziano on Mar 27, 2008 3:53 PMYou don't perform backup of domain controller.
You only designate in STMS one of servers as "Backup Domain Controller"
when Primary controller fails than "Backup domain Controller" takes his role and becomes a primary.
So action to refresh domain controller is:
1. Designate one of servers as backup domain controller
2. Backup transport directory if it is on refreshed server (just in case)
3. Switch backup controller to become primary
4. Refresh primary system
5. Join refreshed system to domain
6. Switch back primary function to refreshed server
Regards,
Wojtek -
I current have a two server domain, both Windows 2008 R2 and fully updated. The two servers are on subnet 10.0.1.0 /24
- Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
- Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
AD Domain: COMPANY.LOCAL
I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
/24 subnet.
- Windows 2012 R2 Server C: 192.168.1.1
What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server? Are they anything like the following:
1. Install Windows 2012 R2 server (Server C)
2. Point Windows 2012 R2 server DNS servers at Server's A and B
3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
* Question: Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)? Or will I need to add the 10.0.1.0 /24 zone to the DNS
server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?Hi,
Regarding the issue here, please take a look into below articles:
System Requirements and Installation Information for Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn303418.aspx
Release Notes: Important Issues in Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn387077.aspx
Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
http://technet.microsoft.com/en-us/library/jj574134.aspx
Here is an example for promoting Windows Server 2012 to a DC, see:
Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain, bascially there is no special need to add zones, for more information, please see:
Understanding Active Directory Domain Services Integration
http://technet.microsoft.com/en-us/library/cc726034.aspx
Hope this may help
Best regards
Michael
If you have any feedback on our support, please click
here.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Unable to demote a domain controller
Hi Everone,
My primary DC is windows Server 2012 R2 and ADC is windows Server 2008 x64
I am trying to demote Windows Server 2008 x64 and i am facing issues.
when i demote2008 I am getting Error : A Domain Controller could not be contacted for the domain(mydomain.com) that contains
an account for this computers.Make the computer a member of a workgroup then rejoin the domain before retrying the prmotion.
The specified domain either doesnot exist or could not be contacted
When i browse my \\windows2012dc i cannot see sysvol and netlogon shared folders.
on window2012dc C:\windows\sysvol\mydomain and mydomain folder is empty.(no issues with replication in sites and services and no issues with connectivity or gateway )
please guide me because i dont want forceful demote.I would first recommend taking backups of both DCs before proceeding with any changes.
Before trying a forced demotion, you can try the following:
Make sure that both DCs have a single NIC card enabled and only one IP address in use
Make both DCs point to the other as primary DNS server, their private IP addresses as secondary DNS server and 127.0.0.1 as third one. Once done, run
ipconfig /registerdns and restart netlogon service
Disable any security filtering between both DCs and temporary disable security software you use
If this does not help then you need to proceed with a forced demotion.
You can then proceed like the following (First, Use dcdiag to check that the Windows Server 2012 R2 DC has no problems apart of the SYSVOL folder and the replication with the other DC):
Shutdown the DC running Windows Server 2008 (Do not bring it online again without re-installing it later)
Seize all FSMO roles to your Windows Server 2012 R2 DC if it is not already the current FSMO holder: http://support.microsoft.com/KB/255504
Do a metadata cleanup to remove the data of the old Windows Server 2008 DC: Use
dssite.msc to remove its NTDS settings and object over there then use
dsa.msc to remove its AD account
Rebuild your SYSVOL tree: http://support.microsoft.com/kb/315457
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
so we currently have three domain controllers set up, two of them on 2012r2 and one of them on 2008r2. prior to any of these domain controllers being added to the domain there was only one, running on 2003r2. the 2003r2 server was up and running when the
first 2012r2 was added and that's when running 'dcdiag /e /c /v' would yield an issue with "_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local" in the DNS portion of the diagnostics, specifically:
TEST: Records registration (RReg)
Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
Error:
Missing SRV record at DNS server 192.168.22.4:
_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local
after adding the second 2012r2 to the domain, this issue is still there... adding the 2008r2 server to the domain and running BPA it gives the following:
Title:
This domain controller must register a DNS SRV resource record, which is required for replication to function correctly
Severity:
Error
Date:
7/3/2014 11:24:48 AM
Category:
Configuration
Issue:
The "DcByGuid" DNS service (SRV) resource record that advertises this server as an available domain controller in the domain and ensures correct replication is not registered. All domain controllers (but not RODCs) in the domain must register this record.
Impact:
Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
Resolution:
Ensure that "DcByGuid" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local", pointing to the local domain controller "CM-DC4-NY01.cmedia.local", is registered in DNS.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126968
I've tried scanning and then re-scanning every single entry in DNS Manager and do not see any reference to this specific GUID mentioned, nor do I see any other domain controllers referenced that should not be in there. The two 2012r2 and the 2008r2 domain
controllers are the only ones listed in DNS Manager... the 2003r2 mentioned earlier failed and was removed.Just to chime in, I noticed that you said you have one 2008 R2 DC, and two 2012 DCs.
I also noticed in the ipconfig /all that all DCs are pointint to themselves for DNS. We usually like to see them point to a partner, then itslelf as the second entry, w hether loopback or by its own IP.
Based on that, what I suggest to level the playing field by choosing the WIndows 2008 R2 DC as the first DNS on all DCs and only administer DNS using that DC. The reason I chose that is because of the least common denominator is what we rather use so we
don't invoke any new features in the newer 2012 DNS console that 2008 R2 may not understand. After that's done, on each DC run (and you can use a PowerShell window to run this):
Rename the system32\config\netlogon.dns and netlogon.dnb files by suffixing ".old" to the file.
ipconfig /registerdns
net stop netlogon
net start netlogon
Then re-run the dcdiag /e /c /v.
Post your results, please.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I thought the DNS entries were supposed to be the other way around? point to themselves first and a partner as secondary? regardless, as requested, I've changed it to what you've prescribed where they point to the 2008r2 server as the primary with themselves
as the secondary. I've also followed the steps to what seems like refreshing the DNS? on each of the DCs. Here's the output from dcdiag /e /c /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine CM-DC1-NY01, is a Directory Server.
Home Server = CM-DC1-NY01
* Connecting to directory service on server CM-DC1-NY01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=cmedia,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory
=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia
,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=cmedia,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=nt
DSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CM-DC1-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC1-NY01 passed test Connectivity
Testing server: Default-First-Site-Name\CM-DC3-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC3-NY01 passed test Connectivity
Testing server: Default-First-Site-Name\CM-DC4-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC4-NY01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CM-DC1-NY01
Starting test: Advertising
The DC CM-DC1-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC1-NY01 is advertising as an LDAP server
The DC CM-DC1-NY01 is advertising as having a writeable directory
The DC CM-DC1-NY01 is advertising as a Key Distribution Center
The DC CM-DC1-NY01 is advertising as a time server
The DS CM-DC1-NY01 is advertising as a GC.
......................... CM-DC1-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC1-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC1-NY01.cmedia.local
* SPN found :LDAP/CM-DC1-NY01
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :LDAP/a29d12f1-2869-44bf-8e43-adf7ddf33865._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a29d12f1-2869-44bf-8e43-adf7ddf33865/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local
* SPN found :HOST/CM-DC1-NY01
* SPN found :GC/CM-DC1-NY01.cmedia.local/cmedia.local
[CM-DC1-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC1-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC1-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC1-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC1-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC1-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC1-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC1-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC1-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC1-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC1-NY01.cmedia.local
* SPN found :LDAP/CM-DC1-NY01
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :LDAP/a29d12f1-2869-44bf-8e43-adf7ddf33865._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a29d12f1-2869-44bf-8e43-adf7ddf33865/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local
* SPN found :HOST/CM-DC1-NY01
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC1-NY01.cmedia.local/cmedia.local
......................... CM-DC1-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC1-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC1-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC1-NY01\netlogon
Verified share \\CM-DC1-NY01\sysvol
......................... CM-DC1-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC1-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC1-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC1-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC1-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4609 to 5108
* rIDPreviousAllocationPool is 4609 to 5108
* rIDNextRID: 4629
......................... CM-DC1-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC1-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000002F
Time Generated: 07/08/2014 13:19:14
Event String:
Time Provider NtpClient: No valid response has been received from manually configured peer 0.ca.pool.ntp.org
after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a n
ew peer with this DNS name. The error was: The peer is unreachable.
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC1-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC1-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC1-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC1-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC1-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC1-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC1-NY01 passed test VerifyReplicas
Testing server: Default-First-Site-Name\CM-DC3-NY01
Starting test: Advertising
The DC CM-DC3-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC3-NY01 is advertising as an LDAP server
The DC CM-DC3-NY01 is advertising as having a writeable directory
The DC CM-DC3-NY01 is advertising as a Key Distribution Center
The DC CM-DC3-NY01 is advertising as a time server
The DS CM-DC3-NY01 is advertising as a GC.
......................... CM-DC3-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC3-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC3-NY01.cmedia.local
* SPN found :LDAP/CM-DC3-NY01
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :LDAP/5e9d1971-39ca-484c-922d-411c2364c96e._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e9d1971-39ca-484c-922d-411c2364c96e/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local
* SPN found :HOST/CM-DC3-NY01
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC3-NY01.cmedia.local/cmedia.local
Checking for CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 2 servers
Object is up-to-date on all servers.
[CM-DC3-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC3-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC3-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC3-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC3-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC3-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC3-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC3-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC3-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC3-NY01 on DC CM-DC3-NY01.
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC3-NY01.cmedia.local
* SPN found :LDAP/CM-DC3-NY01
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :LDAP/5e9d1971-39ca-484c-922d-411c2364c96e._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e9d1971-39ca-484c-922d-411c2364c96e/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local
* SPN found :HOST/CM-DC3-NY01
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC3-NY01.cmedia.local/cmedia.local
......................... CM-DC3-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC3-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC3-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC3-NY01\netlogon
Verified share \\CM-DC3-NY01\sysvol
......................... CM-DC3-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC3-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC3-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC3-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC3-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 15109 to 15608
* rIDPreviousAllocationPool is 15109 to 15608
* rIDNextRID: 15110
......................... CM-DC3-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC3-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC3-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC3-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC3-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC3-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC3-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC3-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC3-NY01 passed test VerifyReplicas
Testing server: Default-First-Site-Name\CM-DC4-NY01
Starting test: Advertising
The DC CM-DC4-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC4-NY01 is advertising as an LDAP server
The DC CM-DC4-NY01 is advertising as having a writeable directory
The DC CM-DC4-NY01 is advertising as a Key Distribution Center
The DC CM-DC4-NY01 is advertising as a time server
The DS CM-DC4-NY01 is advertising as a GC.
......................... CM-DC4-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC4-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC4-NY01.cmedia.local
* SPN found :LDAP/CM-DC4-NY01
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :LDAP/37830012-1f10-43c9-a0ff-2a0e8a912187._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/37830012-1f10-43c9-a0ff-2a0e8a912187/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local
* SPN found :HOST/CM-DC4-NY01
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC4-NY01.cmedia.local/cmedia.local
Checking for CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 2 servers
Object is up-to-date on all servers.
[CM-DC4-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC4-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC4-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC4-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC4-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC4-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC4-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC4-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC4-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC4-NY01 on DC CM-DC4-NY01.
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC4-NY01.cmedia.local
* SPN found :LDAP/CM-DC4-NY01
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :LDAP/37830012-1f10-43c9-a0ff-2a0e8a912187._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/37830012-1f10-43c9-a0ff-2a0e8a912187/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local
* SPN found :HOST/CM-DC4-NY01
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC4-NY01.cmedia.local/cmedia.local
......................... CM-DC4-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC4-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC4-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC4-NY01\netlogon
Verified share \\CM-DC4-NY01\sysvol
......................... CM-DC4-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC4-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC4-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC4-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC4-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 15609 to 16108
* rIDPreviousAllocationPool is 15609 to 16108
* rIDNextRID: 15609
......................... CM-DC4-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC4-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC4-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC4-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC4-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC4-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC4-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC4-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC4-NY01 passed test VerifyReplicas -
We have an aging directory service deployment that began with Server 2003 and was upgrade to Server 2008 R2. A while back I remember trying to add a new 2008 R2 domain controller and it gave me some error. We have 5 domain controllers at 5 offices, all the
major 5 roles are installed at the main office. Now I NEED to replace these servers with new 2012 R2 servers that are joined to the domain and ready to role.
And the error hath returned...
(And first off, I have raised domain functionality to 2008 level via sites/domains MMC, and prepped it years ago when I upgraded to 2008. It seems I have a really awful domain corruption issue of some kind, and I suspect the underlying DFS share for AD (sysvol)
is possibly part of the problem.
I am tempting to start a new domain, but I dont want to change 60+ desktops over and have all those users hate me as they will not have every single profile setting copied over (like their outlook databases that will need redownloaded, and their CAD
settings that dont seem to copy with my hacker style profile migration process)
So, can anyone suggest some troubleshooting tips, or is their a way to backup and restore the AD database to the new server and tell the old servers to go away? Back in the SBS days we use to do something called a swing migration, but I dont think it will
fit this situation easily.
Troubleshooting steps and all advise is welcome!
Thanks,
AndyAs Thameur mentioned, please check your Forest Functional Level as it need to be Windows Server 2003 or higher. More details here: http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_FunctionalLevels
You can also start with this troubleshooting guide: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information.
I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is.
The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
setup.)
For 6+ months everyone had access to the shared files and databases on each workstation without issue.
In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already.
Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
no logon servers available to service the logon request”. While access is rejected I’m still able to ping the DC both via its name and IPV4 address.
(Pinging via its name results in an IPv6 address in the response.)
Other network connectivity appears intact (able to browse the web, perform network discovery.)
Things that ‘seem’ to allow access on this computer until the next failure:
Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username.
Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
Most Problematic Computer:
Event ID 8016: System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.)
Event ID 131: NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’
‘No such host is known.”
Event ID 5719: NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
Event 1030: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
Ipconfig/all from the server:
Connection-specific DNS Suffix
Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
10.1.10.1
DHCPv6 IAID . . . . . . . . . . . : 234638804
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ipconfig/all from the problematic computer:
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix
. : wp.comcast.net
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
rred)
Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DHCPv6 IAID . . . . . . . . . . . : 54535618
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
10.1.10.42
NetBIOS over Tcpip. . . . . . . . : Enabled
Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next. Could a failing piece of hardware be the culprit?
Thanks,
-JTHi,
According to the error you have posted.
A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
Netlogon 5719 and the Disappearing Domain [Controller]
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
Did you refer to this KB article?
Event ID 5719 is logged when you start a Domain Member
http://support.microsoft.com/kb/938449
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hi,
I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller
When I run Farm configuration wizard to provision search service application, I get an error:
ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
The log file logged the details of this error as:
ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
that cannot be translated."
After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
I got some pointer from the below thread
https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
However, the above thread doesn't state that the solution worked.
I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
Thanks in advance.
HimanshuMicrosoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
An associate and myself installed the built-in drivers for the HP OfficeJet Pro 8600 Plus multi-function (network) printer on a Windows Server 2012 Standard server installation and everything worked fine whenever I want to print anything directly from the
Windows Server machine (there's a reason for this, so please understand that ;) ).
We were able to print without any problems from the Windows Server 2012 machine, using the drivers from Microsoft. Mainly, because HP has not listed any specific support for Windows Server 2012, only Windows Server 2008 R2, however, the drivers that
came with Windows 2012 seem to work very well.
PROBLEM: I later had to promote the Windows Server 2012 to a Domain Controller, and created the Active Directory configurations, even enabled the Print Services. After doing all of that, the HP printer will not print anything. It's like all print
requests directly from the Windows Server go to Nil.
Has anyone encountered a problem like this before? The only thing I can think of is that after perhaps something affected printing directly once we promoted the server to being a DC, and added other features / roles. I even tried installing the
HP drivers for Windows Server 2008 R2, and the results are still the same...nothing prints. Trust me, the printer is set as the Default Printer and even when choosing to print, we make sure the HP OfficeJet Pro is selected, and is on, as other Windows
Client PC's can print to it directly.
Does anyone have any suggestions we could try? Thanks in advance.While it is quite a while since this was posted - I can concur a similar issue exists.
We have spent the better part of a day trying to work out why other HP printers work fine but our 8620 prints are not printing and going to Nil. The print server is hosted on a shared DC. Comparing to the initial posters details, for some reason
it seems to be most commonly related to the OfficeJet Pro 8600/8610/8620/8630 series printers.
I ended up doing a print server migration from the domain controller to stand alone host and all printers now work from a single server rather than a mix. Domain controller OSes varied from 2008, 2012, 2012 R2 (tested with multiple) and only after
all of those failed then tried a stand alone server os machine as a last resort which worked fine. Printing directly from Win 7 / 8 /8.1 clients to the IP always worked.
Maybe you are looking for
-
White outline around images in pdf
Ok I've searched google for help and have not found any tips. I'm using CS4. I'm creating a document in indesign. I've placed some psd files into the document. In photoshop they are an object with a transparent background. Now they look fine when pri
-
Problems on my Lumua 620 after Black update
The battery backup of Lumia 620 is really very very disappointing. I cant believe the Nokia manufactured phones will have such low battery backup. It hardly gives a backup of 7 hours. With WhatsApp, Hike and other messaging apps, data connection has
-
I am trying to import video footage from my sony camera on to imovie. The camera does not appear on the drop down when i connect it to the pc via usb. Anyone any ideas?
-
Can you put the tabs on top setting in 'Options - Tabs' so it's easy to get at?
To save all this messing about with tabs everytime a new version of FF updates, I suggest the tabs on top setting is placed in 'Options - Tabs' so it's easy to get at. Lots of people seem to have this problem, for them and me, we prefer to have Tabs
-
Can I create an M4A wrapper around IMA 4:1 AIFF audio?
Hey, I was just wondering if it's possible to wrap IMA 4:1 audio in an M4A container without re-encoding the audio. I have some AIFF files that are encoded in IMA 4:1, and translating this to Apple Lossless makes larger files (more than twice the ori